Vulnerabilities > Ghost > Ghost > 5.46.1
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-08-20 | CVE-2024-43409 | Improper Authentication vulnerability in Ghost Ghost is a Node.js content management system. | 6.5 |
| 2024-02-11 | CVE-2024-23724 | Cross-site Scripting vulnerability in Ghost Ghost through 5.76.0 allows stored XSS, and resultant privilege escalation in which a contributor can take over any account, via an SVG profile picture that contains JavaScript code to interact with the API on localhost TCP port 3001. | 9.0 |
| 2024-01-21 | CVE-2024-23725 | Cross-site Scripting vulnerability in Ghost Ghost before 5.76.0 allows XSS via a post excerpt in excerpt.js. | 6.1 |
| 2023-08-15 | CVE-2023-40028 | Link Following vulnerability in Ghost Ghost is an open source content management system. | 6.5 |